KR20150069435A - Apparatus and method for controlling security module - Google Patents
- Publication number
- KR20150069435A
- Authority
- KR
- South Korea
- Prior art keywords
- security module
- usim
- module
- security
- terminal
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/606—Protecting data by securing the transmission between two devices or processes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
Description
The present invention relates to an apparatus and a method for reconfiguring an executable file in a virtualized environment, and more particularly, to an apparatus and a method for controlling a USIM module used as a subscriber authentication module of 3G mobile communication and a hardware security module applied for the security of a mobile terminal.
The mobile communication terminal has evolved into the smartphone, an open system used not only for voice/text communication but also for installing and using various services. However, this development has also increased the number of malicious attacks that exploit security vulnerabilities, and security threats such as hacking, malicious code, and smishing have become a problem.
Accordingly, various security techniques are being developed in response to these threats. Among them, performing the security function with a separate hardware security module is the strongest.
There are two main ways to apply a hardware security module. One is a device mounted on the terminal itself that cannot be attached or detached, such as a mobile trusted module (MTM); the other is an external device that can be attached and detached, such as a universal subscriber identity module (USIM). As different types of hardware, the two differ in the main purpose of their security functions; external devices in particular are easy to apply.
One such external hardware security module is the micro SD card type. Android-based smartphones generally support micro SD cards for memory expansion, and a secure SD card uses this external device, the micro SD card, as a security module. A secure SD card adds a CPU-based embedded system for the security function to a conventional SD card, which consists of memory and an SD controller. The added embedded system is an IC card based system. Because the IC card has been in use for a long time and its safety and security have been verified, the secure SD card is implemented with the existing IC card system rather than a completely new one.
A secure SD card implemented this way has the advantage that the security function can be applied while the existing SD card is used as it is. However, because the security system is added inside the limited space of the SD card, the memory size is reduced. In other words, a user of a secure SD card must give up a considerable part of the SD card's value as memory expansion.
Smartphones already include a USIM, which performs subscriber authentication in the 3G network. Since the subscriber authentication performed by the USIM is itself a security function, the USIM has value as a security module. In addition, the USIM is an embedded system based on an IC card system, like the secure SD card, and its hardware structure and configuration are almost the same as those of the secure SD card. Before smartphones, when mobile phones were closed systems on which service applications were difficult to install freely, the ability to install and use a variety of applications on a Java-based USIM, an open operating system, was a major advantage for users. To allow higher-capacity USIMs and faster communication with mobile terminals, the USIM standard was extended to include USB, enabling USB communication in place of the existing serial communication.
There is also a technology that uses the USIM to provide functions other than USB, for example, the MTM function. For example, Korean Patent Laid-Open No. 10-2010-0065723, entitled "Method and apparatus for providing a mobile trust module function", uses a USIM that provides a shielding area, protection capability, and physical security, and the MTM function is provided in the mobile communication terminal.
However, with the arrival of smart terminals such as smartphones, users no longer have to run services in the USIM. If only the service is considered, a smart terminal, whose computing power is far beyond that of the USIM, can install a variety of services and execute them at higher speed. In other words, the USIM can now be said to perform only its unique function of subscriber authentication.
In other words, consider a secure SD card, which adds a security function to an SD card in order to use its communication interface for an external security module, and a USIM card, which functions only for subscriber authentication. In terms of the hardware system, the secure SD card has the problem of lost memory size, and the USIM card has the disadvantage of wasting system resources.
It is an object of the present invention to provide an apparatus and a method for controlling a security module so that a USIM module used as a subscriber authentication module of 3G mobile communication and a hardware security module applied for the security of a mobile terminal are executed in a USIM card device.
According to an aspect of the present invention, the method comprises: receiving, by the security module control device, a command from the terminal; controlling the USIM executable code corresponding to the serial communication to operate when the command is received through the serial communication; controlling the security module executable code corresponding to the USB communication to operate when the command is received through the USB communication; and transmitting the response corresponding to the completed execution code to the terminal when the operation of the first USIM execution code or the security module execution code is completed.
According to the present invention, the security module control apparatus can process the functions of the security module with only one USIM module. Therefore, the restrictions on interface or memory size that come with a separate external device such as a secure SD card do not arise, and the security module can be applied by using the USB interface and the spare resources of the USIM, without adding a new hardware security module.
In addition, the integrated security module is implemented on the existing hardware device by separating the execution code areas, using the characteristic that the USIM and the security module operate in a command/response manner, so no price increase arises from adding or upgrading a device.
In addition, if the security module were added to the existing USIM module as software and included as part of the USIM executable code, it would have to use the same protocol as the USIM and would depend on being implemented on the same OS as the USIM. In the present invention the two are completely separated as software, so the implementation of the security module is independent of the USIM. The invention also has the advantage of being applicable to a terminal that has no SD card slot and therefore does not support external memory.
The present invention will now be described in detail with reference to the accompanying drawings. Hereinafter, a repeated description, a known function that may obscure the gist of the present invention, and a detailed description of the configuration will be omitted. Embodiments of the present invention are provided to more fully describe the present invention to those skilled in the art. Accordingly, the shapes and sizes of the elements in the drawings and the like can be exaggerated for clarity.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
Hereinafter, a security module control apparatus and method according to a preferred embodiment of the present invention will be described in detail with reference to the accompanying drawings.
First, a terminal to which a security module control device according to a preferred embodiment of the present invention is applied is a mobile device, such as a smartphone, that includes a USIM and performs voice/data communication over a mobile communication network.
The security module refers to a hardware-based security module that is embedded in the terminal or provided as an external device when a solution for providing the terminal's security functions is applied. In the external case, because structural limitations of the terminal prevent adding a new interface for data communication with it, a secure SD card is provided so that the terminal's SD card slot can be used. The secure SD card, in which a security module is added to an existing SD card, therefore has the same external shape as a general SD card and contains the security module internally, but its memory size is reduced.
Hereinafter, the USIM card is the device used for subscriber authentication in 3G mobile communication; that is, a USIM module for subscriber authentication is installed in a UICC, the smart card used in a mobile device on a mobile network. Depending on size, it comes in various shapes such as Mini-SIM and Micro-SIM. The interface standard of the USIM card is shown in FIG. 1.
Referring to FIG. 1, in the interface standard of the USIM card, C6 does not require additional power due to the low power process, and can be used as an SWP interface for NFC communication. C4 and C8 can be used as a USB interface.
The integrated security module adds a security module to the USIM. It is implemented not by simply combining two pieces of hardware, nor by including the security module function as software within the USIM function, but by dividing the memory in which the generated executable code is stored into an execution code area for the USIM and an execution code area for the security module, and storing the USIM executable code and the security module executable code in their respective areas. The executable code of the control module, which is responsible for selecting and controlling the USIM and the security module, is also included.
The executable code is an image file of command codes mounted on a ROM, a flash memory, or the like, so that the hardware device operates according to the order of the commands recorded in it. For a security module or USIM, the developer implements the functions of the security module or the USIM as source code so that each device can perform the corresponding function, compiles it together with the basic source package of the corresponding hardware, and the result is machine code that the CPU of the hardware device can read and execute.
In the security module control apparatus and method according to the embodiment of the present invention, when a hardware security module for providing a security function to a terminal is applied, a security module is added to the existing USIM instead of adding a new hardware security module, and a control module is added that distinguishes the USIM from the security module by interface; the embodiment concerns the control method and apparatus of this integrated security module.
Next, the structure of the memory on which the executable code of the security module control device is loaded will be described in detail with reference to FIG. 2.
FIG. 2 is a block diagram schematically showing the structure of a memory on which an executable code in a security module control apparatus according to an embodiment of the present invention is to be installed.
Referring to FIG. 2, the ROM or
The
The
The
The
Next, the security
FIG. 3 is a block diagram schematically showing a security module control apparatus according to an embodiment of the present invention.
First, the ROM or
The
If the
The
3, the security
The security
First, the terminal transmits a command to the serial device, that is, the
Then, the
The
The USIM executable code performs an operation corresponding to the received command, stores the response in the transmission buffer previously defined in the RAM, and then moves the next execution code address to the control module.
The
Next, the terminal transmits a command to the USB device, that is, the
Then, the
The
After executing the operation corresponding to the received command, the security module executable code again stores the response in the transmission buffer previously defined in the RAM, and then moves the next execution code address to the control module.
The
Since the
Next, a method for controlling the security module will be described in detail with reference to FIG. 4.
FIG. 4 is a flowchart illustrating a method for controlling a security module according to an embodiment of the present invention.
First, the ROM or
Referring to FIG. 4, the
When the command is received, the
The
On the other hand, when receiving the command via the
In step S300 or step S400, the USIM executable code or the security module executable code performs an operation corresponding to a command received from the terminal and stores the response in a transmission buffer defined in advance.
Next, the
As described above, the present invention can process the functions of the security module with only one USIM device. Therefore, the restrictions on interface or memory size that come with a separate external device such as a secure SD card do not arise, and the security module can be applied by using the USB interface and the spare resources of the USIM, without adding a new hardware security module.
As described above, an optimal embodiment has been disclosed in the drawings and specification. Although specific terms have been employed herein, they are used for purposes of illustration only and are not intended to limit the scope of the invention as set forth in the claims. Therefore, those skilled in the art will appreciate that various modifications and equivalent embodiments are possible without departing from the scope of the present invention. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.
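The dispatch flow described above (command arrives, the interface selects the execution code area, the response goes into the predefined RAM transmission buffer, control returns to the control module) can be modeled in C as follows. This is an added example, not code from the patent: every name, the buffer size and the stand-in handlers are hypothetical, and wiping the shared buffer between commands is an added hardening assumption that the patent text does not state.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* All names are hypothetical; the patent text contains no code. */
enum iface { IF_SERIAL = 0, IF_USB = 1, IF_COUNT };

#define TX_BUF_SIZE 32
static uint8_t tx_buf[TX_BUF_SIZE]; /* transmission buffer predefined in RAM */

/* One execution code area: writes its response into out and returns the
 * response length, or -1 if the response does not fit. */
typedef int (*exec_code_fn)(const uint8_t *cmd, size_t cmd_len,
                            uint8_t *out, size_t out_cap);

/* Stand-in for the USIM executable code: constructed 2-byte status reply. */
static int usim_exec(const uint8_t *cmd, size_t cmd_len,
                     uint8_t *out, size_t out_cap)
{
    (void)cmd; (void)cmd_len;
    if (out_cap < 2) return -1;
    out[0] = 0x90; out[1] = 0x00;
    return 2;
}

/* Stand-in for the security module executable code: returns the payload
 * XORed with 0xAA (a constructed placeholder, not a cipher) plus status. */
static int secmod_exec(const uint8_t *cmd, size_t cmd_len,
                       uint8_t *out, size_t out_cap)
{
    if (out_cap < 2 || cmd_len > out_cap - 2) return -1; /* bounds check */
    for (size_t i = 0; i < cmd_len; i++) out[i] = cmd[i] ^ 0xAA;
    out[cmd_len] = 0x90; out[cmd_len + 1] = 0x00;
    return (int)(cmd_len + 2);
}

/* Fixed routing table: the arrival interface alone selects the code area. */
static const exec_code_fn code_area[IF_COUNT] = { usim_exec, secmod_exec };

struct response { enum iface via; const uint8_t *data; int len; };

/* Control module: run the code area for the interface the command arrived
 * on, then hand back the buffer for transmission on that same interface. */
struct response control_dispatch(enum iface arrived_on,
                                 const uint8_t *cmd, size_t cmd_len)
{
    struct response r = { arrived_on, tx_buf, -1 };
    /* Assumed hardening: wipe the shared buffer so bytes left by a command
     * on the other interface can never be sent out with this response. */
    memset(tx_buf, 0, sizeof tx_buf);
    if ((unsigned)arrived_on >= (unsigned)IF_COUNT || cmd == NULL) return r;
    r.len = code_area[arrived_on](cmd, cmd_len, tx_buf, sizeof tx_buf);
    if (r.len < 0) memset(tx_buf, 0, sizeof tx_buf); /* drop partial output */
    return r;
}

int main(void)
{
    const uint8_t cmd[] = { 0x01, 0x02 }; /* constructed command bytes */
    return control_dispatch(IF_USB, cmd, sizeof cmd).len == 4 ? 0 : 1;
}
```

Because both code areas share one transmission buffer, the wipe and the length check are what keep a security-module response from being readable through a later serial-side reply.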
10; ROM or
200;
310; A
330; USB communication section
Claims (1)
Controlling the USIM executable code corresponding to the serial communication to operate when the command is received through the serial communication;
Controlling the operation of the security module executable code corresponding to the USB communication when the command is received through the USB communication; And
When the operation of the USIM execution code or the security module execution code is completed, transmitting a response corresponding to the completed execution code to the terminal through serial communication or USIM communication
And a security module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020130155833A KR20150069435A (en) | 2013-12-13 | 2013-12-13 | Apparatus and method for controlling security module |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20150069435A (en) | 2015-06-23 |
Family
ID=53516557
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20150069435A (en) |
-
2013
- 2013-12-13 KR KR1020130155833A patent/KR20150069435A/en not_active Application Discontinuation
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20190007039A (en) * | 2016-06-10 | 2019-01-21 | 기제케+데브리엔트 모바일 서큐리티 게엠베하 | Memory management of the security module |
US11205020B2 (en) | 2016-06-10 | 2021-12-21 | Giesecke+Devrient Mobile Security Gmbh | Memory management of a security module |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |